GCC's Blog

Not Just Black Friday: The Cybersecurity Risks Involved in Online Shopping

Omri Admon

Innovation Specialist, SOSA

Sep 26, 2019

Summer may have just barely made its exit, but retailers are already deep into thinking about Black Friday, Cyber Monday, and end-of-the-year holiday shopping. Likewise, many of us are already planning ahead and plotting the purchases we’ll be making during those big shopping days. A new TV? Those boots you’ve been eyeing? Maybe a robotic vacuum cleaner or a fancy espresso machine?

These days, you can find all of that and more online. With online shopping, the possibilities—and temptations—are endless. And who doesn’t love how with just some typing and a few clicks, whatever you’re looking for can arrive right to your door?

But as retailers and shopping platforms have gotten more sophisticated and more prevalent, so too have the threats and dangers that come with them. As you plan your online shopping, whether on Cyber Monday or at any other time of the year, here are some cybersecurity risks to be aware of and look out for:


Phishing

Phishing is a technique used by fraudsters to trick you into handing over sensitive data, such as a password or a credit card number. Fraudsters employing phishing often send out an email that looks like it’s from a trustworthy company and encourages you to reply or click through to a page and provide personal information. Unfortunately, phishing has gotten increasingly sophisticated, and it can be hard to identify it right off the bat. To keep yourself safe, check the sender’s email address (e.g., messages from Bank of America should come from an email address that resembles “Bank of America” or “BofA,” rather than something completely unrelated), and think twice before providing sensitive information online. If it seems like they’re asking for a lot, look up the business’ phone number or email address on their actual website—don’t call the number listed in the suspicious-looking email!—and ask them to verify that they actually sent the message before you reply or fill anything out.
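The sender check described above can be scripted. The following is an added example, not part of the original post: it compares the real address in a `From:` header with the name the message claims. The `KNOWN_SENDERS` allowlist, the `check_sender` helper and the sample headers are assumptions constructed for illustration; confirm a company's real domain on its own website before relying on it.

```python
from email.utils import parseaddr

# Assumed allowlist: brand name -> domains confirmed on the company's own site.
KNOWN_SENDERS = {
    "bank of america": {"bankofamerica.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True only for an allowed domain or a genuine subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Classify a From: header as 'ok', 'suspicious' or 'unknown'."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    squashed = domain.replace("-", "").replace(".", "")
    for brand, allowed in KNOWN_SENDERS.items():
        if domain_matches(domain, allowed):
            return "ok"
        # The display name or the domain text uses the brand, but the mail
        # does not come from the brand's domain: display-name spoofing or a
        # lookalike such as brand.com.something-else.example.
        if brand in name.lower() or brand.replace(" ", "") in squashed:
            return "suspicious"
    return "unknown"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Bank of America" <alerts@bankofamerica.com>',
    'Bank of America <security@mail.bankofamerica.com>',
    '"Bank of America" <support@account-verify.example>',
    'alerts@bankofamerica.com.secure-login.example',
    '"Shoe Store" <news@shoestore.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10}  {header}")
```

A result of "ok" only means the address is written with the expected domain; the From: header itself can be forged, so the advice to verify through the company's real website still applies.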

Data theft

Data theft often occurs at the hands of system administrators and office workers with access to servers housing large amounts of sensitive data. While regulation, such as the General Data Protection Regulation (GDPR), has been put into place to address issues relating to privacy, and large organizations have implemented techniques that limit what their employees can access, such attacks, like the Capital One data breach, continue to occur. Protect yourself by setting strong, distinct passwords for each online account, making sure they contain a combination of letters, numbers, and symbols and are hard to guess. By not using the same email-password combination on each site, you limit what hackers can do if they do happen to gain access to some of your accounts and data.


Malware

Malware is software that is used to do harm by damaging or disabling computers and computer systems. Malware can be used to hack into large databases and compromise tons of personal information, as happened in the case of attacks on Equifax, Starwood hotels, and British Airways. As with data theft, setting strong, unique passwords for each online account can help keep you safe.

Fake online reviews

With so many products available online, it can be hard to decide which to buy and from where. Online reviews often provide an extra level of input that can help you make a decision. It goes both ways, though, as reviews also have a big impact on retailers’ and merchants’ abilities to instill confidence and sell. Unfortunately, that means that some retailers rely on fake reviews to boost their results and their sales. To avoid ending up with a substandard product or buying from a sketchy source, a little bit of skepticism can be healthy. Keep an eye out for lots of glowing reviews that lack detail, check the sources of reviews, and do a little bit of research on other sites to see if the reviews you’re seeing seem consistent across the board.

Banned or unsafe products

Unless you’re shopping directly from the website of a store or merchant you know, you’re likely to end up on a marketplace, such as Amazon, eBay, AliExpress, or even Etsy. Sites like these provide a huge platform for third-party sellers to market and sell their goods without having to set up their own online shop. In turn, these sellers make the overarching marketplace stronger by increasing the variety of products that are available there. As companies like Amazon have opened up their marketplaces to these vendors, however, they’ve lost control of their offerings, with more and more vendors offering products that have been banned (e.g., children’s toys that have lead in them or can cause choking) or are unregulated (e.g., healthcare products that are not approved by the FDA). And because Amazon, and other marketplaces like it, don’t check each listing individually, they end up being a platform for products that could potentially be dangerous to consumers. When you’re looking for products for children or products that purport a certain level of safety, it’s worth doing a little extra research to make sure that the product is, in fact, safe and that the vendor offering it is legit.

Counterfeit goods

While huge strides have been made to identify and reduce the sale of counterfeit goods on different online platforms, many of them continue to sneak through, often through those same third-party sellers offering banned and unregulated products. To avoid falling into a trap of counterfeit goods, aim to shop from reputable retailers—either the original manufacturer and seller or a store or chain that has a good track record. In addition, keep an eye out for deals that look too good to be true, such as high-end products offered at a very steep discount. Luxury brands in particular tend to keep pricing under tight control to avoid diluting the value of their brand, so they’re unlikely to allow significant discounts.

Man-in-the-middle attack

A man-in-the-middle (MITM) attack involves a hacker manipulating communications and spying on data sent between a computer and a server, thereby gaining access to any sensitive data, such as passwords, that is transmitted. To protect your data, make sure that you’re using encrypted sites—often labeled with HTTPS or a small lock next to the URL—and avoid using public networks, especially when shopping (and therefore providing your credit card) or filling out any sensitive forms.

Evil twin attack

An evil twin is the term used to describe a fake WiFi network that has the same name as a legitimate, safe one and is used to trick people into connecting in order to spy on their communications and steal passwords and other sensitive data. Evil twins can be hard to identify and avoid, but you can keep yourself safe by using password-protected WiFi networks as much as possible and avoiding transmitting personal details—credit card numbers, passwords, social security or other ID numbers—over unknown or public networks.

Online shopping offers lots of convenience and eliminates many of the headaches associated with traditional brick-and-mortar shopping. Unfortunately, hackers and fraudsters have found ways to compromise that, but with an extra dose of vigilance, you can make sure that online shopping stays fun and safe for you.